There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe and Microsoft. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering … Read More “The September 2025 Security Update Review – Zero Day Initiative – Blog” »
Former Meta security chief sues company for privacy violations, professional retaliation – CyberScoop
Meta is being sued by its former head of security, who claims the company ignored repeated warnings that its messaging platform WhatsApp was riddled with security vulnerabilities and privacy violations, and retaliated against him for raising these concerns, ultimately firing him. Attaullah Baig was the head of security at Meta from 2021 until this past … Read More “Former Meta security chief sues company for privacy violations, professional retaliation – CyberScoop” »
Republic and Incentiv Partner to Simplify and Reward Web3 Participation – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Republic today announced a strategic partnership with Incentiv, an EVM-compatible Layer 1 blockchain designed to make Web3 simple,… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A new, sophisticated phishing kit, Salty2FA, is using advanced tactics to bypass MFA and mimic trusted brands. Read… – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Why planning and rehearsing your recovery from an incident is as vital as building your defences – Read More – NCSC Feed
National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries – CyberScoop
The United States needs a “new, coordinated strategy” to counter its cyber adversaries and “shift the burden of risk in cyberspace from Americans to them,” National Cyber Director Sean Cairncross said Tuesday. “Collectively, we’ve made great progress in identifying, responding to and remediating threats, but we still lack strategic coherence and direction,” he said at … Read More “National cyber director: U.S. strategy needs to shift cyber risk from Americans to its adversaries – CyberScoop” »
In episode 67 of The AI Fix, Graham talks to an AI with a fax machine, Bill Gates says there’s one job AI will never replace, criminals use Claude Code for cyberattacks, Mark reveals why GPT-5 was better than you think, and a bird brings new meaning to the words “cloud storage”. Also, Graham reveals … Read More “The AI Fix #67: Will Smith’s AI crowd scandal, and gullible agents fall for scams – Graham Cluley” »
A threat actor accidentally revealed their AI-powered methods by installing Huntress security software – Read More
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly efficient attack pipeline” in recent phishing campaigns, according to new findings from ReliaQuest. “Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined,” … Read More “Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks – The Hacker News” »
Industrial conglomerate Mitsubishi Electric has agreed to acquire OT and IoT cybersecurity specialist Nozomi Networks in a transaction that values the San Francisco-based firm near the $1 billion mark. The deal, slated to close in the fourth quarter of 2025, will see Nozomi Networks become a wholly owned subsidiary while continuing to operate independently. The … Read More “Mitsubishi Electric to acquire Nozomi Networks in $1 billion deal – CyberScoop” »
Salty2FA phishing campaign showcases advanced techniques and professionalism of cybercrime operations – Read More
A new Android malware called RatOn evolved from a basic tool capable of conducting Near Field Communication (NFC) attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud. “RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality – making it a uniquely powerful threat,” … Read More “RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities – The Hacker News” »
What could have been a historic supply chain attack seems to have been averted due to the rapid response of the open source community – Read More
Aembit Named to Fast Company’s Seventh-Annual List of the 100 Best Workplaces for Innovators – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Silver Spring, USA, 9th September 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
ReliaQuest warns that phishing campaigns abusing the Axios user agent have surged 241% in three months – Read More
A House select committee said Chinese actors impersonated Representative John Moolenaar to steal information that could be used to influence trade talks – Read More
⚠️ One click is all it takes. An engineer spins up an “experimental” AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes. Individually, they look harmless. But together, they form an invisible swarm of Shadow AI Agents—operating outside security’s line … Read More “[Webinar] Shadow AI Agents Multiply Fast — Learn How to Detect and Control Them – The Hacker News” »
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs. Akamai, which discovered the latest activity last month, said it’s designed to block other actors from accessing the Docker API from the internet. The findings build on a prior report from Trend … Read More “TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs – The Hacker News” »
From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks – The Hacker News
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT. The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said. … Read More “From MostereRAT to ClickFix: New Malware Campaigns Highlight Rising AI and Phishing Risks – The Hacker News” »
Security teams have become the first and, in many cases, the last line of attack defense in the current… The post Burnout in Security Teams: Why It’s a Security Risk Too appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized. If you’re a CISO or security leader, you’ve likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they’re framed … Read More “How Leading CISOs are Getting Budget Approval – The Hacker News” »
Salesloft has revealed that threat actors targeted customer Salesforce data after breaching its GitHub account – Read More
20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack – The Hacker News
Multiple npm packages have been compromised as part of a software supply chain attack after a maintainer’s account was compromised in a phishing attack. The attack targeted Josh Junon (aka Qix), who received an email message that mimicked npm (“support@npmjs[.]help”), urging them to update their two-factor authentication (2FA) credentials before September 10, 2025, … Read More “20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack – The Hacker News” »
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. “The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity … Read More “45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage – The Hacker News” »
Critical Security Report – Remote Code Execution via Persistent Discord WebRTC Automation – Full Disclosure
Posted by Taylor Newsome on Sep 08 Reporter: [Taylor Christian Newsome / SleepRaps () gmail com] Date: [8/21/2025] Target: Discord WebRTC / Voice Gateway API Severity: Critical 1. Executive Summary A proof-of-concept (PersistentRTC) demonstrates remote code execution (RCE) capability against Discord users. The PoC enables Arbitrary JavaScript execution in a victim’s browser context via … Read More “Critical Security Report – Remote Code Execution via Persistent Discord WebRTC Automation – Full Disclosure” »
Defense in depth — the Microsoft way (part 92): more stupid blunders of Windows’ File Explorer – Full Disclosure
Posted by Stefan Kanthak via Fulldisclosure on Sep 08 Hi @ll, this extends the two previous posts titled Defense in depth — the Microsoft way (part 90): “Digital Signature” property sheet missing without “Read Extended Attributes” access permission <https://seclists.org/fulldisclosure/2025/Jul/39> and Defense in depth — the Microsoft way (part 91): yet another 30 year old … Read More “Defense in depth — the Microsoft way (part 92): more stupid blunders of Windows’ File Explorer – Full Disclosure” »
Posted by Ron E on Sep 08 An integer overflow vulnerability exists in the FFmpeg cache: URL protocol implementation. The CacheEntry structure uses a 32-bit signed integer to store cache entry sizes (int size), but the cache layer can accumulate cached data exceeding 2 GB. Once entry->size grows beyond INT_MAX and new data is … Read More “FFmpeg 7.0+ Integer Overflow in FFmpeg cache: Protocol (CacheEntry::size) – Full Disclosure” »
SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft “Stored Value” Unattended Payment Solution (Mifare) – Full Disclosure
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 08 SEC Consult Vulnerability Lab Security Advisory < 20250908-0 > ======================================================================= title: NFC Card Vulnerability Exploitation Leading to Free Top-Up product: KioSoft “Stored Value” Unattended Payment Solution (Mifare) vulnerable version: Current firmware/hardware as of Q2/2025 fixed version: No version numbers available CVE number:… Read More “SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft “Stored Value” Unattended Payment Solution (Mifare) – Full Disclosure” »
Posted by Taylor Newsome on Sep 08 *To:* support () mellanox com, networking-support () nvidia com *From:* Taylor Christian Newsome *Date:* August 20, 2025 *Dear Mellanox/NVIDIA Networking Support Team,* I am writing to formally submit the critical firmware parameters for Mellanox PCI Express Host Channel Adapter (HCA) cards, as detailed in the official documentation … Read More “Submission of Critical Firmware Parameters – PCIe HCA Cards – Full Disclosure” »
DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode) – Full Disclosure
Posted by Ron E on Sep 08 The DjVuLibre document compression library (tested version 3.5.29) is vulnerable to an integer overflow caused by a left shift of a negative signed integer in the IW44EncodeCodec.cpp component. When processing crafted PPM input passed through the c44 utility, negative pixel values are left-shifted in functions such as … Read More “DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode) – Full Disclosure” »
Posted by Ron E on Sep 08 The DjVuLibre document compression library (tested version 3.5.29) contains multiple instances of unsigned integer overflow in the ZPCodec.cpp component. During arithmetic encoding operations (e.g., zemit, encode_lps, encode_lps_simple, eflush), crafted input can cause arithmetic wraparound (0-1, 1-2, or value+UINT_MAX). These operations rely on precise probability modeling for entropy … Read More “DjVuLibre 3.5.29 ZPCodec Unsigned Integer Overflow in Arithmetic Encoding – Full Disclosure” »
FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables – Full Disclosure
Posted by Ron E on Sep 08 The ladspa audio filter implementation (libavfilter/af_ladspa.c) in FFmpeg allows unsanitized environment variables to influence dynamic library loading. Specifically, the filter uses getenv(“LADSPA_PATH”) and getenv(“HOME”) when resolving the plugin shared object (.so) name provided through the file option. These values are concatenated into a filesystem path and passed … Read More “FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables – Full Disclosure” »
Posted by Ron E on Sep 08 A signed integer overflow exists in FFmpeg’s udp.c implementation when parsing the fifo_size option from a user-supplied UDP URL. The overflow occurs during multiplication, which is used to compute the size of the circular receive buffer. This can result in undefined behavior, allocation failures, or potentially memory … Read More “FFmpeg 7.0+ Integer Overflow in UDP Protocol Handler (fifo_size option) – Full Disclosure” »
Posted by Ron E on Sep 08 A vulnerability exists in the FFmpeg UDP protocol implementation ( libavformat/udp.c) where the dscp parameter is parsed from a URI and left-shifted without bounds checking. Supplying a maximum 32-bit signed integer (2147483647) triggers undefined behavior due to a left shift that exceeds the representable range of int. … Read More “FFmpeg 7.0+ Integer Overflow in DSCP Option Handling of FFmpeg UDP Protocol – Full Disclosure” »
FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation – Full Disclosure
Posted by Ron E on Sep 08 The FFmpeg tools/yuvcmp utility is vulnerable to an integer overflow when large width and height parameters are supplied. The overflow occurs during buffer size calculations (width * height) leading to incorrect allocation sizes and subsequent memory corruption. An attacker controlling input dimensions can trigger large or invalid … Read More “FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation – Full Disclosure” »
Posted by Ron E on Sep 08 FFmpeg invokes function pointers through incorrect type casting, leading to type confusion. UndefinedBehaviorSanitizer logs mismatched signatures in utils.c:528. Crafted inputs can cause UB, misaligned function dispatch, and possible arbitrary code execution depending on platform ABI. (FFmpeg 7.0 – 8.0) *Impact:* – DoS in normal builds. – Potential … Read More “FFmpeg 7.0+ Type Confusion in FFmpeg Function Pointer Calls (libavformat/utils.c) – Full Disclosure” »
Posted by Ron E on Sep 08 Improper validation in libavutil/avstring.c allows a NULL pointer dereference when processing certain strings in HLS contexts. UBSan reports “applying zero offset to null pointer.” Triggers denial of service (DoS) when FFmpeg processes malicious playlists or malformed URLs. (FFmpeg 7.0 – 8.0) *Impact:* – Consistently crashes the process … Read More “FFmpeg 7.0+ NULL Pointer Dereference in FFmpeg String Handling (avstring.c) – Full Disclosure” »
Posted by Ron E on Sep 08 Malformed .m3u8 playlists can trigger a heap use-after-free when the HLS demuxer handles segment references. ASan reports access to freed memory inside libavformat/utils.c:528. A crafted .m3u8 could allow remote attackers to achieve denial of service (DoS), information disclosure, or potentially remote code execution depending on heap state. … Read More “FFmpeg 7.0+ Heap Use-After-Free in FFmpeg HLS Demuxer (libavformat/utils.c) – Full Disclosure” »
Posted by Ron E on Sep 08 The FullBox::get_flags() method retrieves 24-bit flags from the underlying box header. When a malformed box truncates the field, the function still attempts to read three bytes. With insufficient data, this reads past valid memory into uninitialized or out-of-bounds memory. *Root Cause:* – No length validation before reading … Read More “libheif v1.21.0 Out-of-Bounds Read in FullBox::get_flags – Full Disclosure” »
Posted by Ron E on Sep 08 Box_hdlr::get_handler_type() (libheif/box.h:487) is called even when the hdlr box has not been properly initialized due to malformed input. This leads to dereferencing a null object pointer. *Root Cause:* – No validation of hdlr box presence before accessing handler fields. *Impact:* – Application crash only (DoS). – No … Read More “libheif v1.21.0 Null Pointer Dereference in Box_hdlr::get_handler_type – Full Disclosure” »
Posted by Ron E on Sep 08 During construction of a Track_Visual object, corrupted sequence metadata can leave a std::vector<unsigned> uninitialized. When .empty() is called, it attempts to dereference a null object. *Root Cause:* – Missing input validation when constructing vectors from parsed boxes. *Impact:* – Application crash (DoS). – Not exploitable for code … Read More “libheif v1.21.0 Null Pointer Dereference in std::vector::empty – Full Disclosure” »
libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation – Full Disclosure
Posted by Ron E on Sep 08 An integer overflow vulnerability exists in the Y4M input loader (loadY4M in decoder_y4m.cc) of libheif. The loader fails to properly validate the width and height values declared in the Y4M file header. Supplying a crafted .y4m file with extremely large dimensions (e.g., W2147483647 H2147483647) causes integer overflow … Read More “libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation – Full Disclosure” »
Posted by Ron E on Sep 08 The vulnerability resides in the constructor Chunk::Chunk ( libheif/sequences/chunk.cc:89). When parsing the Sample Size Box (stsz) of a HEIF sequence track, the code allocates a std::vector<unsigned int> and then appends entries for each sample size. The count used for allocation and iteration is taken directly from the … Read More “libheif v1.21.0 Heap Buffer Overflow in Chunk::Chunk – Full Disclosure” »
Posted by Ron E on Sep 08 The Track::init_sample_timing_table logic manages a std::vector<std::shared_ptr<Chunk>> representing parsed sequence chunks. With malformed HEIF sequence files, corrupted chunk tables may cause premature destruction of Chunk objects while references remain in the vector. Later accesses via std::__shared_ptr<Chunk>::get() return a dangling pointer. ASan reports these as heap-buffer-overflows because the stale … Read More “libheif 1.21.0 Use-After-Free / Dangling shared_ptr in Track Chunk Handling – Full Disclosure” »
Posted by Ron E on Sep 08 The Box_stts structure defines decoding time to sample mapping. In Box_stts::get_sample_duration(unsigned), the requested index is assumed valid. A crafted file can set entry_count inconsistently with the actual buffer size, leading to access beyond the bounds of the parsed vector. *Root Cause:* – Lack of bounds checks on … Read More “libheif v1.21.0 Out-of-Bounds Read in Box_stts::get_sample_duration – Full Disclosure” »
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a … Read More “18 Popular Code Packages Hacked, Rigged to Steal Crypto – Krebs on Security” »
Federal authorities on Monday imposed sanctions on 19 people and organizations allegedly involved in major cyberscam hubs in Burma and Cambodia. “Criminal actors across Southeast Asia have increasingly exploited the vulnerabilities of Americans online,” Secretary of State Marco Rubio said in a statement. “In 2024, Americans lost at least $10 billion to scam operations in … Read More “Treasury Department targets Southeast Asia scam hubs with sanctions – CyberScoop” »
Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8 macOS Ventura 13.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/124929. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Ventura Impact: Processing … Read More “APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8 – Full Disclosure” »
Posted by Seralys Research Team via Fulldisclosure on Sep 08 Seralys Security Advisory | https://www.seralys.com/research ====================================================================== Title: Unauthenticated User Creation Product: SpamTitan Email Security Gateway Affected: Confirmed on 8.00.95 Fixed in: 8.00.101 and 8.01.14 Vendor: TitanHQ Discovered: May 2024 Severity: HIGH CWE: CWE-306: Missing Authentication for Critical Function CVE:… – Read More – Full Disclosure